Gotham Security Daily Threat Alerts

December 15, Softpedia – (International) CloudFlare SSL certificate used for phishing scam. A researcher with Malwarebytes identified a new phishing email campaign that utilized a free CloudFlare certificate in order to make a malicious link appear more trustworthy. CloudFlare has since revoked the certificate.

December 15, Softpedia – (International) SoakSoak malware campaign affects over 100,000 websites. A Sucuri researcher reported that malware delivered from the Russian Web site soaksoak.ru has affected over 100,000 WordPress Web sites, adding code that inserts malicious JavaScript into every page viewed on the affected sites. Google then blacklisted more than 11,000 domains connected to the malware.

December 12, Securityweek – (International) Ursnif malware steals data, infects files in US, UK. Trend Micro researchers detected an increase in the number of Ursnif malware infections caused by a variant known as PE_URSNIF.A-O that is capable of infecting files as well as stealing passwords and other information. The largest number of the new infections were found in the U.S. and U.K.

December 12, The Register – (International) Batten down the patches: New vuln found in Docker container tech. A security researcher identified an arbitrary code execution vulnerability in Docker that was introduced in a November patch and could be exploited by including malicious .xz binaries in image files. The developers of Docker released a new patch that closes the vulnerability, and all users were advised to apply the patch as soon as possible.